purl containing a query parameter repository_url with own (encoded) query parameters not handled correctly? #43

Open
Festus1248 opened this issue Apr 14, 2023 · 2 comments

Comments

@Festus1248

Hi there,

...maybe this is just a misunderstanding from my side, but when I create a purl object for a purl like this
`pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnami%2Fazure-cli&arch=amd64`
it seems that the (encoded) query parameter from the query parameter repository_url is handled as a separate query parameter of the purl and not of the repository_url.
The result is:

```
PackageURL {
  type: 'oci',
  name: 'azure-cli',
  namespace: null,
  version: 'sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b',
  qualifiers: {
    repository_url: 'index.docker.io/bitnami/azure-cli',
    arch: 'amd64'
  },
  subpath: null
}
```

My expectation would have been:

```
PackageURL {
  type: 'oci',
  name: 'azure-cli',
  namespace: null,
  version: 'sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b',
  qualifiers: {
    repository_url: 'index.docker.io/bitnami/azure-cli&arch=amd64'
  },
  subpath: null
}
```

Is my expectation wrong or is this a bug?

@Festus1248
Author

Hi there,

...small correction from my side: The example I provided above is - in reference to the purl specification - not a correct purl, since the value of the qualifier repository_url is not percent-encoded.

But if you try with a correct purl like `pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64` and you transform this into a packageURL object and back to a string (with `toString()`), then the result differs from the input. See the following test, which fails:

```js
import { PackageURL } from 'packageurl-js';

const purl =
  'pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b?repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64';

// Round trip: parse the purl and serialize it again; the output is expected to equal the input.
expect(PackageURL.fromString(purl).toString()).toBe(purl);
```
After the toString() method, the qualifier value contains '/', which is not percent-encoded.

Sorry for the confusion!
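
This added example is not code from packageurl-js or from the commenters; it shows how the order of splitting and percent-decoding decides whether the `%26` in the purl from the comment above stays inside `repository_url` or becomes a second qualifier. The function names are hypothetical, and encoding every reserved character with `encodeURIComponent` on output is an assumption of the sketch.

```javascript
// Added example, not packageurl-js code. SAMPLE is the purl quoted in the comment above.
const SAMPLE =
  'pkg:oci/azure-cli@sha256:9df8ac260650dbae684ab7e47916d4def942582b491d1fe0593b22eb1cac235b' +
  '?repository_url=index.docker.io%2Fbitnam%2Fazure-cli%26arch%3Damd64';

// Raw, still percent-encoded qualifier string (between '?' and an optional '#subpath').
function rawQualifiers(purl) {
  const q = purl.indexOf('?');
  if (q === -1) return '';
  const hash = purl.indexOf('#', q);
  return purl.slice(q + 1, hash === -1 ? purl.length : hash);
}

// Split on '&' and on the first '=' while the text is still encoded, then decode each value.
function parseSplitThenDecode(purl) {
  const out = {};
  for (const pair of rawQualifiers(purl).split('&')) {
    const eq = pair.indexOf('=');
    if (eq <= 0) continue; // skip empty pairs and pairs without a key
    const value = decodeURIComponent(pair.slice(eq + 1));
    if (value !== '') out[pair.slice(0, eq).toLowerCase()] = value;
  }
  return out;
}

// Faulty order: decoding first turns the encoded '%26' into a real '&' separator.
function parseDecodeThenSplit(purl) {
  const out = {};
  for (const pair of decodeURIComponent(rawQualifiers(purl)).split('&')) {
    const eq = pair.indexOf('=');
    if (eq > 0) out[pair.slice(0, eq).toLowerCase()] = pair.slice(eq + 1);
  }
  return out;
}

// Serialize with sorted keys; encoding every reserved character is this sketch's assumption.
function serializeQualifiers(qualifiers) {
  return Object.keys(qualifiers)
    .sort()
    .map((key) => `${key}=${encodeURIComponent(qualifiers[key])}`)
    .join('&');
}

console.log(parseSplitThenDecode(SAMPLE));
console.log(parseDecodeThenSplit(SAMPLE));
console.log(serializeQualifiers(parseSplitThenDecode(SAMPLE)) === rawQualifiers(SAMPLE));
```

Comparing the parsed qualifier objects, rather than the serialized strings, keeps a round-trip check independent of which characters a given serializer leaves unencoded.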

@jdalton
Contributor

jdalton commented May 17, 2024

Related to package-url/purl-spec#39
